package cn.aiden.authorizationserver.authorization.device;

import java.util.Map;

import org.springframework.lang.Nullable;
import org.springframework.security.core.Transient;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;


/**
 * 设备码模式token
 * 设备码流程一般使用在不便输入的设备上，设备提供一个链接给用户验证，用户在其它设备的浏览器中认证；
 * 其它的三方服务需要接入时就比较适合授权码模式，
 * 桌面客户端、移动app和前端应用就比较适合pkce流程，
 * pkce靠随机生成的Code Verifier和Code Challenge来保证流程的安全，
 * 无法让他人拆包获取clientId和clientSecret来伪造登录信息；
 * 至于用户登录时输入的账号和密码只能通过升级https来防止拦截请求获取用户密码。
 *
 *
 * @author Joe Grandja
 * @author Steve Riesenberg
 * @since 1.1
 */
@Transient
public class DeviceClientAuthenticationToken extends OAuth2ClientAuthenticationToken {

    public DeviceClientAuthenticationToken(String clientId, ClientAuthenticationMethod clientAuthenticationMethod,
                                           @Nullable Object credentials, @Nullable Map<String, Object> additionalParameters) {
        super(clientId, clientAuthenticationMethod, credentials, additionalParameters);
    }

    public DeviceClientAuthenticationToken(RegisteredClient registeredClient, ClientAuthenticationMethod clientAuthenticationMethod,
                                           @Nullable Object credentials) {
        super(registeredClient, clientAuthenticationMethod, credentials);
    }

}
